Difference between revisions of "IPtable Forward Port"
Line 1: | Line 1: | ||
− | + | This is sample rule to forward rdp to host. LinixGateway-->>Windows Server2003 | |
− | |||
− | |||
<pre>#echo 1 > /proc/sys/net/ipv4/ip_forward | <pre>#echo 1 > /proc/sys/net/ipv4/ip_forward | ||
− | </pre> | + | </pre> |
− | Forward rule Listen port 3000 forward to 3389 <br> | + | Forward rule Listen port 3000 forward to 3389 <br> |
<pre>#/sbin/iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 3000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT | <pre>#/sbin/iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 3000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT | ||
− | #/sbin/iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 3000 -j DNAT --to-destination 172.31.255.2:3389</pre> | + | #/sbin/iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 3000 -j DNAT --to-destination 172.31.255.2:3389</pre> |
− | WWW Fileshare<br> | + | WWW Fileshare<br> |
<pre>#/sbin/iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT | <pre>#/sbin/iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT | ||
− | #/sbin/iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 8000 -j DNAT --to-destination 172.31.255.2:8000</pre> <pre>#/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</pre> | + | #/sbin/iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 8000 -j DNAT --to-destination 172.31.255.2:8000</pre><pre>#/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</pre> |
+ | Another Port Forward | ||
+ | <pre> | ||
+ | /sbin/iptables -t filter -A FORWARD -p tcp -m tcp --syn --sport 1024:65535 --dport 3389:3390 -m state --state NEW -j NEWACCEPT | ||
+ | /sbin/iptables -t filter -A OUTPUT -p tcp -m tcp --syn --sport 1024:65535 --dport 3389:3390 -m state --state NEW -j NEWACCEPT | ||
+ | /sbin/iptables -t filter -A INPUT -p tcp -m tcp --syn --sport 1024:65535 --dport 3389:3390 -m state --state NEW -j NEWACCEPT | ||
+ | /sbin/iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --syn -s 0.0.0.0/0.0.0.0 --sport 1024:65535 -d 202.176.89.172/255.255.255.255 --dport 3389:3390 -m state --state NEW -j DNAT --to-destination 192.168.4.126 | ||
+ | /sbin/iptables -t filter -A FORWARD -i ppp0 -o eth1 -p tcp -m tcp --syn -s 0.0.0.0/0.0.0.0 --sport 1024:65535 -d 192.168.4.126/255.255.255.255 --dport 3389:3390 -m state --state NEW -j NEWACCEPT | ||
+ | </pre> |
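Review bot: Every filter rule in the added "Another Port Forward" block jumps to `NEWACCEPT`, which is not a built-in target and is not created anywhere in the visible lines, so the page should also show how that chain is defined (`iptables -N NEWACCEPT` plus its rules). The added rules match only `--syn` with `--state NEW`, so the rest of each connection depends on an ESTABLISHED,RELATED accept that this block does not add. The PREROUTING and last FORWARD rule use `-s 0.0.0.0/0.0.0.0`, which publishes RDP 3389:3390 to any source; a source match such as `-s <ADMIN_NET_PLACEHOLDER>` would narrow that. The first FORWARD rule has no interface or destination match, so it is broader than the final `-i ppp0 -o eth1 -d 192.168.4.126` rule and makes it redundant, and the INPUT/OUTPUT rules look unnecessary for traffic that is only forwarded.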
Latest revision as of 18:55, 14 June 2009
This is a sample rule to forward RDP to a host: Linux gateway -->> Windows Server 2003
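# Enable IPv4 packet forwarding in the kernel (run as root). The leading "#"
# root prompt is dropped so the line is not read as a comment when pasted.
# Without forwarding the gateway does not route between its interfaces and the
# DNAT rules on this page have no effect.
# The value is lost on reboot unless it is also set persistently, e.g.
# net.ipv4.ip_forward = 1 in /etc/sysctl.conf.
# NOTE(review): forwarding applies to every interface, not only the published
# ports. The FORWARD chain policy is not shown on this page; confirm it is DROP
# so that only the explicit rules pass traffic.
echo 1 > /proc/sys/net/ipv4/ip_forward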
Forward rule: listen on port 3000, forward to port 3389
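# Publish RDP through the gateway (run as root): TCP port 3000 arriving on
# eth0 is rewritten by DNAT to 172.31.255.2:3389.
#
# nat/PREROUTING is traversed before filter/FORWARD, so when the packet reaches
# FORWARD its destination is already 172.31.255.2:3389. The FORWARD rule
# therefore matches the translated address and port; a match on --dport 3000
# would never see this traffic.
#
# NOTE(review): this rule only covers eth0 -> eth1. Replies (eth1 -> eth0) need
# their own ESTABLISHED,RELATED accept unless the FORWARD policy is ACCEPT;
# neither is shown on this page.
# NOTE(review): moving RDP to port 3000 does not keep it from being found.
# Limit who can reach it by adding a source match
# (-s <ADMIN_NET_PLACEHOLDER>) to the PREROUTING rule, or publish it only
# over a VPN.
/sbin/iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 172.31.255.2 --dport 3389 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 3000 -j DNAT --to-destination 172.31.255.2:3389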
WWW Fileshare
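# Publish the web file share (run as root): TCP port 8000 arriving on eth0 is
# forwarded to 172.31.255.2:8000. The DNAT keeps the port unchanged, so the
# FORWARD rule's --dport 8000 still matches the translated packet.
# NOTE(review): there is no source match, so the share is reachable from any
# address that can reach eth0; add -s <ALLOWED_NET_PLACEHOLDER> if it is not
# meant to be public.
/sbin/iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 8000 -j DNAT --to-destination 172.31.255.2:8000

# Rewrite the source address of everything leaving through eth0 to the
# gateway's own address on that interface. This applies to all traffic routed
# out of eth0, not only to the two published ports.
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE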
Another Port Forward
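# Second example (run as root): publish TCP 3389-3390 arriving on ppp0 for
# 202.176.89.172 to the internal host 192.168.4.126. One command per line; run
# together on a single line they would be parsed as one invalid iptables call.
#
# NEWACCEPT is not a built-in target. It has to exist as a user-defined chain
# before these rules are loaded, otherwise iptables rejects them. Its contents
# are not shown on this page.
#
# Every rule matches only the first packet of a connection (--syn, state NEW).
# NOTE(review): the remaining packets need an ESTABLISHED,RELATED accept in the
# filter table; none is shown in this example.

# Accept new connections to ports 3389-3390 in FORWARD, OUTPUT and INPUT.
# NOTE(review): the FORWARD rule here has no interface or destination match, so
# it is broader than the last rule below and makes it redundant. DNATed traffic
# for 192.168.4.126 traverses FORWARD, not INPUT/OUTPUT; the INPUT and OUTPUT
# rules matter only if the gateway itself serves or initiates connections on
# these ports - confirm they are needed.
/sbin/iptables -t filter -A FORWARD -p tcp -m tcp --syn --sport 1024:65535 --dport 3389:3390 -m state --state NEW -j NEWACCEPT
/sbin/iptables -t filter -A OUTPUT -p tcp -m tcp --syn --sport 1024:65535 --dport 3389:3390 -m state --state NEW -j NEWACCEPT
/sbin/iptables -t filter -A INPUT -p tcp -m tcp --syn --sport 1024:65535 --dport 3389:3390 -m state --state NEW -j NEWACCEPT

# Rewrite the destination to 192.168.4.126. No port is given, so the original
# destination port (3389 or 3390) is kept.
# -s 0.0.0.0/0.0.0.0 matches any source address, so the service is published to
# every host that can reach ppp0.
# NOTE(review): restrict this with -s <ADMIN_NET_PLACEHOLDER> or publish the
# service only over a VPN.
/sbin/iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --syn -s 0.0.0.0/0.0.0.0 --sport 1024:65535 -d 202.176.89.172/255.255.255.255 --dport 3389:3390 -m state --state NEW -j DNAT --to-destination 192.168.4.126

# Let the translated connection through from ppp0 to eth1. The match is on the
# post-DNAT destination 192.168.4.126.
/sbin/iptables -t filter -A FORWARD -i ppp0 -o eth1 -p tcp -m tcp --syn -s 0.0.0.0/0.0.0.0 --sport 1024:65535 -d 192.168.4.126/255.255.255.255 --dport 3389:3390 -m state --state NEW -j NEWACCEPT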